diff options
author | Rod Vagg <rod@vagg.org> | 2015-08-20 14:51:00 +1000 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2015-08-26 21:07:15 +1000 |
commit | b6a4c0518f05c4a5ed5835bf2b2d3e5a2d9c35cd (patch) | |
tree | 200d21dad0f134d7de4c3b0e75102711af438560 /README.md | |
parent | 2e8bb62011f0694f218bcd2d9ddaaadeac3e07fc (diff) | |
download | android-node-v8-b6a4c0518f05c4a5ed5835bf2b2d3e5a2d9c35cd.tar.gz android-node-v8-b6a4c0518f05c4a5ed5835bf2b2d3e5a2d9c35cd.tar.bz2 android-node-v8-b6a4c0518f05c4a5ed5835bf2b2d3e5a2d9c35cd.zip |
doc: reorg release team to separate section
included:
* commands to run to import all active keys
* list of previous Node.js releasers key details
PR-URL: https://github.com/nodejs/node/pull/2455
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 40 |
1 files changed, 32 insertions, 8 deletions
@@ -50,15 +50,16 @@ to verify that the file has not been tampered with. To verify a SHASUM256.txt.asc, you will first need to import all of the GPG keys of individuals authorized to create releases. They are -listed at the bottom of this README. Use a command such as this to -import the keys: +listed at the bottom of this README under [Release Team](#release-team). +Use a command such as this to import the keys: ``` $ gpg --keyserver pool.sks-keyservers.net \ --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D ``` -_(Include each of the key fingerprints at the end of this command.)_ +_(See the bottom of this README for a full script to import active +release keys)_ You can then use `gpg --verify SHASUMS256.txt.asc` to verify that the file has been signed by an authorized member of the Node.js team. @@ -328,7 +329,6 @@ that forms the _Technical Steering Committee_ (TSC) which governs the project. F information about the governance of the Node.js project, see [GOVERNANCE.md](./GOVERNANCE.md). -======= ### TSC (Technical Steering Committee) * **Ben Noordhuis** <info@bnoordhuis.nl> ([@bnoordhuis](https://github.com/bnoordhuis)) @@ -336,13 +336,9 @@ information about the governance of the Node.js project, see * **Fedor Indutny** <fedor.indutny@gmail.com> ([@indutny](https://github.com/indutny)) * **Trevor Norris** <trev.norris@gmail.com> ([@trevnorris](https://github.com/trevnorris)) * **Chris Dickinson** <christopher.s.dickinson@gmail.com> ([@chrisdickinson](https://github.com/chrisdickinson)) - - Release GPG key: 9554F04D7259F04124DE6B476D5A82AC7E37093B * **Rod Vagg** <rod@vagg.org> ([@rvagg](https://github.com/rvagg)) - - Release GPG key: DD8F2338BAE7501E3DD5AC78C273792F7D83545D * **Jeremiah Senkpiel** <fishrock123@rocketmail.com> ([@fishrock123](https://github.com/fishrock123)) - - Release GPG key: FD3A5288F042B6850C66B31F09FE44734EB7990E * **Colin Ihrig** <cjihrig@gmail.com> ([@cjihrig](https://github.com/cjihrig)) - - Release GPG key: 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 * **Alexis Campailla** <orangemocha@nodejs.org> ([@orangemocha](https://github.com/orangemocha)) * **Julien Gilli** <jgilli@nodejs.org> ([@misterdjules](https://github.com/misterdjules)) * **James M Snell** <jasnell@gmail.com> ([@jasnell](https://github.com/jasnell)) @@ -385,3 +381,31 @@ information about the governance of the Node.js project, see Collaborators & TSC members follow the [COLLABORATOR_GUIDE.md](./COLLABORATOR_GUIDE.md) in maintaining the Node.js project. + +### Release Team + +Releases of Node.js and io.js will be signed with one of the following GPG keys: + +* **Chris Dickinson** <christopher.s.dickinson@gmail.com>: `9554F04D7259F04124DE6B476D5A82AC7E37093B` +* **Colin Ihrig** <cjihrig@gmail.com> `94AE36675C464D64BAFA68DD7434390BDBE9B9C5` +* **Jeremiah Senkpiel** <fishrock@keybase.io> `FD3A5288F042B6850C66B31F09FE44734EB7990E` +* **Rod Vagg** <rod@vagg.org> `DD8F2338BAE7501E3DD5AC78C273792F7D83545D` + +The full set of trusted release keys can be imported by running: + +``` +gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B +gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 +gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E +gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D +``` + +See the section above on [Verifying Binaries](#verifying-binaries) for +details on what to do with these keys to verify a downloaded file is official. + +Previous releases of Node.js have been signed with one of the following GPG +keys: + +* Julien Gilli <jgilli@fastmail.fm> `114F43EE0176B71C7BC219DD50A3051F888C628D` +* Timothy J Fontaine <tjfontaine@gmail.com> `7937DFD2AB06298B2293C3187D33FF9D0246406D` +* Isaac Z. Schlueter <i@izs.me> `93C7E9E91B49E432C2F75674B0A78B0A6C481CF6` |